[oi-dev] hercules, lftp, and xcowsay

Josef 'Jeff' Sipek jeffpc at josefsipek.net
Wed Nov 12 13:39:57 UTC 2014


On Wed, Nov 12, 2014 at 10:57:27AM +0100, David Höppner wrote:
> Hi Jeff,
> 
> 2014-11-08 1:03 GMT+01:00 Josef 'Jeff' Sipek <jeffpc at josefsipek.net>:
> > I have one new component and two trivial improvements to contribute.  The
> > new component is Hercules - an IBM mainframe emulator.
> >
> I cherry picked that commit.

Thanks.

> >  The first
> > improvement is to enable openssl in the lftp component (to allow encrypted
> > ftp connections).
> >
> lftp links with libgnutls by default. This does not work?

It does not.  It looks like the moment lftp switches to TLS mode, it fails
to decrypt the next packet and so it kills the connection.  Session with
gnutls:

$ lftp X
lftp X:~> debug
lftp X:~> user jeffpc
Password: 
lftp jeffpc at X:~> ls
---- Connecting to X (X.X.X.X) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 15:26. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
---> FEAT
<--- 211-Extensions supported:   
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<---  ESTA
<---  PASV
<---  EPSV
<---  SPSV
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.           
---> OPTS UTF8 ON
**** gnutls_handshake: Decryption has failed.
---- Closing control socket

And with OpenSSL:

$ lftp X
lftp X:~> debug
lftp X:~> user jeffpc
Password: 
lftp jeffpc at X:~> ls
---- Connecting to X (X.X.X.X) port 21
<--- 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
<--- 220-You are user number 1 of 50 allowed.
<--- 220-Local time is now 15:21. Server port: 21.
<--- 220-This is a private system - No anonymous login
<--- 220-IPv6 connections are also welcome on this server.
<--- 220 You will be disconnected after 15 minutes of inactivity.
---> FEAT
<--- 211-Extensions supported:   
<---  EPRT
<---  IDLE
<---  MDTM
<---  SIZE
<---  REST STREAM
<---  MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
<---  MLSD
<---  AUTH TLS
<---  PBSZ
<---  PROT
<---  UTF8
<---  ESTA
<---  PASV
<---  EPSV
<---  SPSV
<--- 211 End.
---> AUTH TLS
<--- 234 AUTH TLS OK.           
---> OPTS UTF8 ON
Certificate depth: 0; subject: X
WARNING: Certificate verification: self signed certificate
WARNING: Certificate verification: unable to get local issuer certificate
WARNING: Certificate verification: certificate subject name 'X' does not match target host name 'X'
<--- 200 OK, UTF-8 enabled 
---> OPTS MLST type;size;modify;UNIX.mode;UNIX.uid;UNIX.gid;
<--- 200  MLST OPTS type;size;sizd;modify;UNIX.mode;UNIX.uid;UNIX.gid;unique;
---> USER jeffpc
<--- 331 User jeffpc OK. Password required
---> PASS XXXX
<--- 230-User jeffpc has group access to:  vftprw    
<--- 230 OK. Current directory is /home/jeffpc

And FWIW:

$ cat ~/.lftprc 
set ftp:ssl-protect-data on
set ssl:verify-certificate off

> >  The second improvement is really just a cleanup to the
> > makefile & manifest for the xcowsay component.  (Much like xmessage, I
> > didn't notice that it already existed at first.  Instead of just deleting
> > the duplicate, I decided that it should be used instead as it is marginally
> > cleaner.)
>
> So this commit is about moving desktop/xcowsay to x11/xcowsay? Do we
> need to obsolete the old package?

Oops!  That's a mistake.  I corrected it, and pushed the update to the same
repo/branch.

Jeff.

-- 
Ready; T=0.01/0.01 08:20:35
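
An added example, not part of the original message: a small Python auditor for lftp `debug` transcripts like the two quoted above. It reports whether AUTH TLS was accepted, whether the handshake failed, and whether a login went through while certificate verification warnings were being ignored. The function name `audit` and the abridged sample logs are constructed for illustration.

```python
import re

# Constructed samples, abridged from the two lftp debug sessions in the message.
GNUTLS_LOG = """\
---> AUTH TLS
<--- 234 AUTH TLS OK.
---> OPTS UTF8 ON
**** gnutls_handshake: Decryption has failed.
---- Closing control socket
"""

OPENSSL_LOG = """\
---> AUTH TLS
<--- 234 AUTH TLS OK.
---> OPTS UTF8 ON
WARNING: Certificate verification: self signed certificate
WARNING: Certificate verification: certificate subject name 'X' does not match target host name 'X'
<--- 200 OK, UTF-8 enabled
---> USER jeffpc
<--- 331 User jeffpc OK. Password required
---> PASS XXXX
<--- 230 OK. Current directory is /home/jeffpc
"""

def audit(log):
    """Summarise the TLS state of one lftp control-connection transcript."""
    r = {"tls_accepted": False, "error": None, "cert_warnings": [],
         "login_ok": False, "creds_in_clear": False}
    for line in log.splitlines():
        line = line.rstrip()
        if re.match(r"<--- 234\b", line):            # server accepted AUTH TLS
            r["tls_accepted"] = True
        elif line.startswith("**** "):               # lftp error line
            r["error"] = line[5:]
        elif line.startswith("WARNING: Certificate verification: "):
            r["cert_warnings"].append(line.split(": ", 2)[2])
        elif re.match(r"---> (USER|PASS)\b", line) and not r["tls_accepted"]:
            r["creds_in_clear"] = True               # credentials sent before TLS
        elif re.match(r"<--- 230[ -]", line):        # login succeeded
            r["login_ok"] = True
    # Login despite verification warnings: the server's identity was never checked.
    r["unauthenticated_peer"] = r["login_ok"] and bool(r["cert_warnings"])
    return r
```

On the OpenSSL sample the `unauthenticated_peer` flag is set, which is the visible effect of `set ssl:verify-certificate off`: the channel is encrypted but the server certificate is not validated.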



